===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/crypto.html,v
retrieving revision 1.86
retrieving revision 1.87
diff -c -r1.86 -r1.87
*** www/crypto.html 2001/06/26 11:46:14 1.86
--- www/crypto.html 2001/06/27 11:51:21 1.87
***************
*** 79,89 ****
! OpenBSD was the first operating system to ship with an IPSEC stack.
! We've been including IPSEC since early OpenBSD 2.1 release in 1997.
! Our fully conformant in-kernel IPSEC stack, with hardware acceleration
based on a number of cards, and our own free ISAKMP daemon, is used as
! one of the machines in the IPSEC conformance testbed run by
VPNC.
--- 79,89 ----
! OpenBSD was the first operating system to ship with an IPsec stack.
! We've been including IPsec since early OpenBSD 2.1 release in 1997.
! Our fully conformant in-kernel IPsec stack, with hardware acceleration
based on a number of cards, and our own free ISAKMP daemon, is used as
! one of the machines in the IPsec conformance testbed run by
VPNC.
***************
*** 189,195 ****
Stronger temporary names for mktemp(3) and mkstemp(3)
Randomness added to the TCP ISS value for protection against
spoofing attacks.
! random padding in IPSEC esp_old packets.
To generate salts for the various password algorithms.
For generating fake S/Key challenges.
In photurisd
--- 189,195 ----
Stronger temporary names for mktemp(3) and mkstemp(3)
Randomness added to the TCP ISS value for protection against
spoofing attacks.
! random padding in IPsec esp_old packets.
To generate salts for the various password algorithms.
For generating fake S/Key challenges.
In photurisd
***************
*** 216,222 ****
- In S/Key
to provide one time passwords.
!
- In IPSEC,
photurisd
and
isakmpd(8)
--- 216,222 ----
- In S/Key
to provide one time passwords.
!
- In IPsec,
photurisd
and
isakmpd(8)
***************
*** 248,254 ****
passwords. See also the USENIX paper
on this topic.
- In
! IPSEC
to provide confidentiality for the network layer.
- In Kerberos and a handful of kerberized applications, like
telnet,
--- 248,254 ----
passwords. See also the USENIX paper
on this topic.
- In
! IPsec
to provide confidentiality for the network layer.
- In Kerberos and a handful of kerberized applications, like
telnet,
***************
*** 260,266 ****
- In
photurisd and
isakmpd
! to protect the exchanges where IPSEC key material is negotiated.
- In AFS to protect the messages passing over the network, providing
confidentiality of remote filesystem access.
- In libssl to let applications communicate over the de-facto standard
--- 260,266 ----
- In
photurisd and
isakmpd
! to protect the exchanges where IPsec key material is negotiated.
- In AFS to protect the messages passing over the network, providing
confidentiality of remote filesystem access.
- In libssl to let applications communicate over the de-facto standard
***************
*** 274,282 ****
OpenBSD, starting with 2.7, has begun supporting some cryptography hardware
such as accelerators and random number generators.
! - IPSEC crypto dequeue
! Our IPSEC stack has been modified so that cryptographic functions get
! done out-of-line. Most simple software IPSEC stacks need to do
cryptography when processing each packet. This results in synchronous
performance. To use hardware properly and speedily one needs to separate
these two components, as we have done. Actually, doing this gains some
--- 274,282 ----
OpenBSD, starting with 2.7, has begun supporting some cryptography hardware
such as accelerators and random number generators.